ADVERTISEMENT

IDMerit data breach: 1 billion records of personal data exposed in KYC data leak

An unprotected database, likely containing know-your-customer (KYC) data, has spilled vast amounts of personal records across multiple countries, including the USA, Germany, France, China, Brazil, and many more.

Globe with data leak, personal records

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Feb 18, 2026 Updated: 27 February 2026 6 min read
Key takeaways:
IDMerit global data leak map

IDMerit’s statement regarding the data leak

What personal data was leaked?

  • Full names
  • Addresses
  • Post codes
  • Dates of birth
  • National IDs
  • Phone numbers
  • Genders
  • Email addresses
  • Telco metadata
  • Breach status and social profile annotations
IDMerit data leak
Sample of the leaked data. Image by Cybernews.
IDMerit data leak sample data
Sample of the leaked data. Image by Cybernews.

Who is IDMerit and how did this happen?

IDMerit data leak sample
Sample of the leaked data. Image by Cybernews.
ADVERTISEMENT

Global data leak spans multiple countries

IDMerit data leak sample
Sample of the leaked data. Image by Cybernews.
“At this scale, downstream risks include account takeovers, targeted phishing, credit fraud, SIM swaps, and long-tail privacy harms. Industry-wide, the case underlines how third-party identity vendors have become critical infrastructure and can become single points of catastrophic failure,”
our team said.
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Why this leak is different

  1. Execute SIM Swaps. Using your National ID and Telco Metadata to hijack your phone number and intercept security codes.
  2. Launch Targeted Phishing. Scammers can use your actual home address and ID number to craft highly convincing fraudulent messages.
  3. Bypass Identity Checks. Since this data was collected for KYC purposes, criminals can attempt to use it to impersonate victims on other financial platforms.

3 Essential steps to protect yourself now

  • Freeze Your Credit: Contact credit bureaus immediately to lock your reports. This is the most effective way to prevent unauthorized loans from being opened in your name using your leaked personal data.
  • Update Your 2-Factor Authentication: Move away from SMS-based security. Switch to an authenticator app (like Google Authenticator) or a physical hardware key (YubiKey).
  • Verify All "Official" Contact: If you receive a call from a bank or government agency referencing your ID number or address, hang up. Locate the official number independently and call them back to verify the claim.

Leaking billions of records’ becoming routine

Has my data been leaked?

  • Leak discovered: November 11th, 2025
  • Initial disclosure: November 12th, 2025
  • Leak closed: November 12th, 2025

ADVERTISEMENT